It’s a tough job to run a website with a certain amount of traffic: it’s permanent work, and day and night (night for the paranoiac!) you must be sure the site is OK. And every morning, the same fear and question: is the website still okay?
I took a 2-day break last Thursday and Friday, and on Saturday morning I discovered that Geeks3D had been hacked (see some feedback here)… no rest for us poor webmasters!
All conditions for a hacking were satisfied: webmaster away and known security issues present!
I think the hacker (certainly a script-kiddie) exploited one of the security holes of the WordPress engine prior to version 3.0.4.
I found and removed the malicious code (available only on the front page), changed all passwords and of course applied the latest WP 3.0.4 patch. Hope that will be enough…
I was a bit tired when the WP update was released and as you can see, there’s no mercy for the lazy webmaster…
And thank you guys for all your feedback (comments and emails)!
That’s why I would personally avoid popular ‘pre-packaged’ website systems such as WordPress. They are too easy to target in mass, as you can just Google for old version numbers!
So you probably want to disable WordPress from putting this in your HTML header:
As that makes it easy to find hackable versions.
Oops the html was removed!
<meta name="generator" content="WordPress 3.0.4" />
Yep the WP version is in the header, but from what I know, many scanners do not rely on the version number to detect the real version of WP. I’ll try to remove it shortly…
my anti virus blocked the page…it was trying to redirect to /open a strange page
Yesterday morning I started getting warnings from Microsoft Security Essentials when visiting http://www.geeks3d.com.
Here is what MSE blocked;
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=TrojanDownloader%3aJava%2fOpenConnection.JR&threatid=2147641619
and the file was this:
file:C:\Users\username\AppData\Local\Temp\jar_cache3067705708289609090.tmp->prev/monoid.class
hacked… maybe it’s the ransom of glory 😉
Just to mention, there are some WP extensions to help you, such as http://wordpress.org/extend/plugins/wp-security-scan/
lol i thought so. eset anti-virus was picking up bad .js scripts 😛
my anti virus blocked the page NOD32 64bit
hackers mothafucka.
@Jegx
you sure that the issue is fixed .. my IE7 is still behaving very odd when i visit this site .. (IE7 getting hanged ) … i think i will not be able to view anymore from my office :(…
@Leith
Thanks for letting me know .. I have done a complete scan and i didn’t find any trojan or virus..
Hmm this website is for us 3d geek lovers and was hacked by some hacker geek.
Would have thought geeks would respect each other more…so the hacker was a Geeeeeeeck !
Good that I use NoScript.
Avast popped up a warning and blocked the JS code for me. I have avoided visiting the site from work since then.
Yes i was getting AVG protection over Opera, that was funny i don’t have AVG on, but it worked i guess.
@N,
NoScript for Firefox is indeed useful! Score!
@Merk,
Respect from crackers [yes, a hacker who hacks for illicit purpose is a cracker; i.e. criminal hacker]? Seriously?
@Geeks3D Webmaster,
No sleep for the weary, but kudos for catching it so fast. Most websites only do something after serious damage is done. If you want to avoid certain issues like this in the future, consider not using JS at all. Go with an all HTML5 page instead. More secure[for now] and just as useful…
Just sayin…
Merk was making an ironic joke…guess you misunderstood LexLuthermiester
Irony is usually lost on lots of Europeans and Americans.
Irony defined: The expression of one’s meaning by using language that normally signifies the opposite, typically for humorous or emphatic effect.